The function of having an incident response (IR) plan is to provide guidance to staff, both technical staff and management, on how to quickly and effectively recovery from the information security incidents.

An IR plan is also needed to ensure staff responds in a systematic manner to incidents, rather than everyone doing things in an ad hoc manner.

The book contains the high-level areas in which to develop an IR plan. Anyone firm who has yet to create an IR plan (and they should be ashamed of themselves if they don’t have one) can use The Computer Incident Response Planning Handbook as a starting point.